TECHZONE™

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption. The list of vulnerabilities is as follows - CVE-2025-43429 - A buffer overflow

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel https://thehackernews.com/2025/11/microsoft-detects-sesameop-backdoor.html Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive https://thehackernews.com/2025/11/malicious-vsx-extension-sleepyduck-uses.html Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to

How MDR can give MSPs the edge in a competitive market https://www.welivesecurity.com/en/business-security/mdr-msps-edge-competitive-market/ With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs

Cybersecurity Awareness Month 2025: Cyber-risk thrives in the shadows https://www.welivesecurity.com/en/videos/cybersecurity-awareness-month-2025-cyber-risk-thrives-shadows/ Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures

Gotta fly: Lazarus targets the UAV sector https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/ ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group

SnakeStealer: How it preys on personal data – and how you can protect yourself https://www.welivesecurity.com/en/malware/snakestealer-personal-data-stay-safe/ Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts

Cybersecurity Awareness Month 2025: Building resilience against ransomware https://www.welivesecurity.com/en/videos/cybersecurity-awareness-month-2025-resilience-ransomware/ Ransomware rages on and no organization is too small to be targeted by cyber-extortionists. How can your business protect itself against the threat?

Minecraft mods: Should you 'hack' your game? https://www.welivesecurity.com/en/kids-online/minecraft-mods-minefield-risks/ Some Minecraft mods don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod.

IT service desks: The security blind spot that may put your business at risk https://www.welivesecurity.com/en/business-security/it-service-desks-security-blind-spot-business/ Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.

Cybersecurity Awareness Month 2025: Why software patching matters more than ever https://www.welivesecurity.com/en/videos/cybersecurity-awareness-month-2025-software-patching-matters/ As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly.

AI-aided malvertising: Exploiting a chatbot to spread scams https://www.welivesecurity.com/en/social-media/ai-aided-malvertising-chatbot-scams/ Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Here’s what to know about it.

How Uber seems to know where you are – even with restricted location permissions https://www.welivesecurity.com/en/privacy/how-uber-seems-know-where-you-are-restricted-location-permissions/ Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way.

Cybersecurity Awareness Month 2025: Passwords alone are not enough https://www.welivesecurity.com/en/videos/cybersecurity-awareness-month-2025-passwords-alone-are-not-enough/ Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders.

The case for cybersecurity: Why successful businesses are built on protection https://www.welivesecurity.com/en/business-security/case-cybersecurity-successful-businesses-built-protection/ Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center

Beware of threats lurking in booby-trapped PDF files https://www.welivesecurity.com/en/malware/threats-lurking-pdf-files/ Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money.

Manufacturing under fire: Strengthening cyber-defenses amid surging threats https://www.welivesecurity.com/en/business-security/manufacturing-fire-strengthening-cyber-defenses-surging-threats/ Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging

New spyware campaigns target privacy-conscious Android users in the UAE https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/ ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates

Cybersecurity Awareness Month 2025: Knowledge is power https://www.welivesecurity.com/en/videos/cybersecurity-awareness-month-2025-knowledge-power/ We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals